<?php

namespace app\resources\service;

use Firebase\JWT\JWT;
use help\EncryptionHelp;
use phpseclib3\Crypt\RSA;
use phpseclib3\Crypt\PublicKeyLoader;
use app\resources\service\BaseService;

/**
 * oldc基类
 */
class OldcService extends BaseService
{
    /**
     * 获取发布者
     * @return void
     */
    public static function getRouteOidcIssuer()
    {
        return  env('APP_HOST') . '/oidc/o';     // 容器最大端口
    }

    /**
     * 获取keys
     * @return void
     */
    public static function getRouteOidcKeys()
    {
        return env('APP_HOST') . '/oldc/keys';     // 容器最大端口
    }

    /**
     * 获取密钥
     * @return void
     */
    public static function getSecretKey()
    {
        return EncryptionHelp::encryptBase64(EncryptionHelp::makeEncrypt(), 'node');
    }

    /**
     * 解密密钥
     * @return void
     */
    public static function decryptSecretKey($encrypt)
    {
        return EncryptionHelp::decryptBase64($encrypt, 'node');
    }

    /**
     * 获取access_token
     * @return void
     */
    public static function getOidcToken()
    {
        if (request()->param('grant_type') != 'client_credentials') {
            return;
        }
        $authorization = request()->header('authorization');
        if (!$authorization) {
            return;
        }
        $authorization = base64_decode(str_replace('Basic ', '', $authorization));
        $authorization = explode(':', $authorization);
        if (count($authorization) != 2) {
            return;
        }
        $client_id = $authorization[0];
        $client_secret = $authorization[1];
        if (!$client_secret || !EncryptionHelp::decryptBase64($client_secret, 'frp')) {
            return '1';
        }
        if (!$client_id || 1) {
            // return;
        }
        // 
        $rootPath = root_path('cert/oldc');
        $privateKey = $rootPath . 'private_key.pem';
        $publicKey = $rootPath . 'puilck_key.pem';
        if (!file_exists($privateKey)) {
            $private = RSA::createKey(4028);
            $public = $private->getPublicKey() . '';
            file_put_contents($privateKey, $private = $private . '');
            file_put_contents($publicKey, $public . '');
        } else {
            $private = file_get_contents($privateKey);
            $public = file_get_contents($publicKey);
        }
        $data = [
            "iss" => env('APP_HOST') . '/oidc/o',                  //签发者 可以为空
            "aud" => 'openid-weifashi',     // openid
            "iat" => time(),                //签发时间
            "exp" => time() + 3600,         //token 过期时间
        ];
        return ['access_token' => JWT::encode($data, $private, "RS256", $client_id)];
    }

    /**
     * 获取keysUrl
     * @return void
     */
    public static function getKeysUrl()
    {
        return [
            "issuer" => self::getRouteOidcIssuer(),
            'jwks_uri' => self::getRouteOidcKeys(),
        ];
    }

    /**
     * 获取getKeys
     * @return void
     */
    public static function getKeys()
    {
        $publicKey = file_get_contents(root_path('cert/oldc') . 'puilck_key.pem');
        $public = PublicKeyLoader::loadPublicKey($publicKey);
        $result =  $public->toString('JWK', [
            'kid' => 'Aybonk9RoG1I6YzTLKUDnPXU647rtJymig0I2PPj',
            'alg' => 'RS256'
        ]);
        $result = json_decode($result,true);
        return $result;
    }

}
